Workshops

Our workshops

softScheck GmbH currently offers the following IT security workshops:

Threat Modeling: Since about half of all security gaps in software are due to design errors, safety measures must be considered during the design phase. In this phase, the cost of troubleshooting is comparatively low compared to the implementation phase. Threat modeling helps to identify threats, regardless of the complexity of the architecture. The method supports the development of a trustworthy security design.

Secure Web Development: This course is about security issues of web technologies from the point of view of web developers. Recent incidents and common attack vectors are shown. The processes of software development and security software testing are presented in detail. The OWASP Testing Guide is the main part of this workshop. Therefore on the basis of examples and exercises, well-established vulnerabilities are illustrated and exploited. For each vulnerability, the source code will be reviewed and a patch developed. This course is based on OWASP Top Ten, CWE/SANS Top 25 and Best Practices of BSI (German Federal Office for Information Security).

Security Testing Process: To offer high quality software security it has to be securely developed from the beginning. The softScheck Security Testing Process points out how to integrate Security Testing in every phase of a well thought-out software development process. Security Requirements will be specified in the phase of requirements analysis and the design will be analyzed for possible threats using Threat Modeling. From development to deployment including the use of Static Source Code Analysis, Fuzzing and Penetration Testing will identify vulnerabilities in the implementation.

Hacking Workshop: Take a different point of view on your system from the perspective of an attacker. The softScheck Hacking Workshop is presented by experienced Penetration Testers to convey a comprehensive insight into possible attacks of hackers. It is very practically oriented and after a quick introduction in types of vulnerabilities and the use of attacking tools you are ready to start over on the prepared exercises to attack test systems on your own. Each day of the workshop will cover different topics divided in web applications and network services.